Issue:
I have an issue with RADIUS working properly on a cluster and need to ensure that the source IP used matches the NAS-IP. My understanding in the past is to follow sk31832 and modify the table.def file globally and add in "<1812, 17>", save, and then install policy on the devices to take effect.
i.e.
before
no_hide_services_ports = { <4500,17>, <500, 17>, <259, 17>, <1701, 17>, <5500, 17>};
after
no_hide_services_ports = { <4500,17>, <500, 17>, <259, 17>, <1701, 17>, <5500, 17>, <1812, 17>};
Questions:
- Is this still the only way to achieve this in R81.10 or R81.20?
- Feels like we should be able to do this on some no-hide NAT rule in each access policy versus setting this globally for all gateways.
- In an SMS management HA setup, do both management servers need to be updated manually, or is this synchronized over to the secondary if edited on the primary member?
- Only had to do this in the past on a single SMS server and can't seem to find any docs that touch on this point.
- If it synchronizes, is that done automatically or is it something having to be driven by some 'install database' on both servers?
- Being that this type of change affects all GWs, is there any ill effect on any VSX clusters?
- I have not set up RADIUS on those R81.10 VSX clusters (VSLS) yet but wanted to be sure.
- It seems per documentation that this modification "IS" a requirement before I do set it up here (Accurate?)
- REF: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_VSX_AdminGuide/Topics-VSXG/W...
Thanks in advance
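
One way to check the edit described in the post, as an added example that is not part of the original post and not Check Point tooling: the functions below normalise the `no_hide_services_ports` entries of a table.def copy so that the presence of `<1812, 17>` (RADIUS over UDP) can be confirmed and two copies, for instance from two management servers, can be compared. The function names and the sample files are constructed, and the definition is assumed to sit on a single line as shown in the post.

```shell
#!/bin/sh
# Added example: hypothetical helper names; sample files are constructed
# from the before/after lines quoted in the post.

# Print the <port, proto> pairs of no_hide_services_ports in file $1,
# one "port,proto" per line, sorted and de-duplicated.
# Lines where the definition does not start the line are skipped.
no_hide_entries() {
    grep -E '^[[:space:]]*no_hide_services_ports[[:space:]]*=' "$1" |
        grep -oE '<[[:space:]]*[0-9]+[[:space:]]*,[[:space:]]*[0-9]+[[:space:]]*>' |
        tr -d '<> \t' |
        sort -t, -k1,1n -k2,2n -u
}

# Succeed if file $1 lists port $2 with IP protocol $3 (17 = UDP).
has_no_hide_entry() {
    no_hide_entries "$1" | grep -qx "$2,$3"
}

# Succeed only if both files define the same non-empty set of entries.
same_no_hide_entries() {
    a=$(no_hide_entries "$1")
    b=$(no_hide_entries "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed sample input: one edited copy, one unedited copy.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'no_hide_services_ports = { <4500,17>, <500, 17>, <259, 17>, <1701, 17>, <5500, 17>, <1812, 17>};' > "$tmp/edited.def"
printf '%s\n' 'no_hide_services_ports = { <4500,17>, <500, 17>, <259, 17>, <1701, 17>, <5500, 17>};' > "$tmp/unedited.def"

for f in edited unedited; do
    if has_no_hide_entry "$tmp/$f.def" 1812 17; then
        echo "$f: <1812, 17> present"
    else
        echo "$f: <1812, 17> missing"
    fi
done
same_no_hide_entries "$tmp/edited.def" "$tmp/unedited.def" ||
    echo "entry lists differ between the two copies"
```

Run against the real table.def on each server by passing its path as the first argument to the functions; the check reads the file only and changes nothing.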